Re: Single Signon via EIM - hosts file explained

That'd be great, but I do have one point of concern. Instead of the RSE
connection's host name, the host name to be added to the hosts file
should be the canonical host name (PTR record in DNS). If the RSE host
name is "host" instead of "host.domain.com", RSE would like it just fine
but EIM/Kerberos would have a big problem with it.

-----Original Message-----
From: wdsci-l-bounces@xxxxxxxxxxxx

[mailto:wdsci-l-bounces@xxxxxxxxxxxx]

On Behalf Of Don Yantzi
Sent: Monday, September 10, 2007 1:28 PM
To: Websphere Development Studio Client for iSeries
Subject: Re: [WDSCI-L] Single Signon via EIM - hosts file explained

The RSE adds those lines to the hosts file whenever you launch one of

the

CODE tools from the RSE. If you don't use the CODE tools (or at

leasts

don't launch them from the RSE) then it will never touch the hosts

file.

Now for the explanation why it does this. CODE only allows a single
connection to the same host name, and connection names are limited to

8

characters, while the RSE allows multiple connections to the same host

and

arbitrarily long connection names (with spaces and other characters

that

are not valid in a CODE connection name). Both RSE and CODE allow
additional libraries to be specified for the library list. So when
bridging from the RSE to CODE we needed a one-to-one mapping in order

to

carry over the library list settings (and therefore for compiles to

work

properly from CODE).

So the RSE takes the connection names, removes any characters that are

not

valid in a CODE connection name, then takes the last 6 characters and
prepends R# in order to make it unique (where # is a digit that makes

it

unique if it collides with an existing entry in the hosts table). And
then registers that with CODE as the server and adds the hosts entry

to

map it to the correct IP address and viola CODE can have multiple
connections to the same server. It's not a pretty solution but it

works

(in most cases).

I have opened a defect to a) change the message to say generated by

the

RSE not Eclipse, and b) add the middle entry with the hostname

originally

specified for the RSE connection.

Thanks.

Don Yantzi
Technical Lead
WebSphere Development Studio Client for iSeries
IBM Toronto Lab





"Dean, Robert" <rdean@xxxxxxxxxxxx>
Sent by: wdsci-l-bounces@xxxxxxxxxxxx
08/30/2007 11:17 AM
Please respond to
Websphere Development Studio Client for iSeries <wdsci-l@xxxxxxxxxxxx>


To
"Websphere Development Studio Client for iSeries"

<wdsci-l@xxxxxxxxxxxx>

cc

Subject
Re: [WDSCI-L] Single Signon via EIM






That last part may not be clear....

The reason it works is that putting "real.host.name" first on the line
will make sure that Windows will return "real.host.name" when doing an
nslookup on 192.168.0.1, without disabling CODE's ability to translate
R0TARCOM to 192.168.0.1.

-----Original Message-----
From: wdsci-l-bounces@xxxxxxxxxxxx

[mailto:wdsci-l-bounces@xxxxxxxxxxxx]

On Behalf Of Dean, Robert
Sent: Thursday, August 30, 2007 11:13 AM
To: Websphere Development Studio Client for iSeries
Subject: Re: [WDSCI-L] Single Signon via EIM

We were in that boat a few months ago, but we figured it out.

Kerberos support in Client Access requires that the client, iSeries,

and

Kerberos server all map the iSeries IP address back to the same
hostname.

CODE complicates matters by putting entries in the hosts file, like

so:

192.168.0.1 R0TARCOM

You can restore the ability to use Kerberos by editing your hosts

file

so that the proper host name appears first:

192.168.0.1 real.host.name R0TARCOM

That way CODE and Kerberos are both happy.

-----Original Message-----
From: wdsci-l-bounces@xxxxxxxxxxxx

[mailto:wdsci-l-bounces@xxxxxxxxxxxx]

On Behalf Of Justin Taylor
Sent: Thursday, August 30, 2007 9:40 AM
To: wdsci-l@xxxxxxxxxxxx
Subject: [WDSCI-L] Single Signon via EIM

We are working on setting up Single Signon using Enterprise

Identity

Management (EIM) and were told by IBM that it is not possible on

any

PC

that runs WDSc. This is due to the fact that WDSc requires

entries

in

the HOSTS file that preclude EIM from working. Does anyone have

any

more info on this? Are there any plans to eliminate this

restriction?

--
This is the Websphere Development Studio Client for iSeries

(WDSCI-L)

mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.

--
This is the Websphere Development Studio Client for iSeries

(WDSCI-L)

mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.

--
This is the Websphere Development Studio Client for iSeries (WDSCI-L)
mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.

--
This is the Websphere Development Studio Client for iSeries (WDSCI-L)
mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.